Ted Leung on the air: Open Source, Java, Python, and ...
This is one of the last cleanup items from the laptop theft. I've revoked my PGP key and created a new one.
This is my old key:
pub 1024D/F5FC4B42 2001-03-31 Key fingerprint=1003 7870 251F FA71 A59A CEE3 BEBA 2B87 F5FC 4B42
This is revocation certificate for that key:
-----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.1 (GNU/Linux) Comment: A revocation certificate should follow iEkEIBECAAkFAkRarPUCHQIACgkQYCjW/J06/U899wCeMyjgTwcxPGf0f1LZXBE9 gHOkkIcAniu5l0FEORidmvZlTsDZ0AdSmaMr =F6WI -----END PGP PUBLIC KEY BLOCK-----
Here's my new key id information:
pub 1024D/9D3AFD4F 2006-03-05 Key fingerprint = E6E8 48D5 17E6 0484 37D6 B38E 6028 D6FC 9D3A FD4F
[via Links ]:
Earlier this year at CodeCon, Ben Laurie showed me the work that he had done on adding capabilties to Perl. Now he's put up a post with a pointer to the code and a little bit of documentation. He originally got interested in the problem because he was interested in adding capabilities to Python, but that turned out to be harder than he thought. Along the way, he formed some conclusions about Python and security:
Also, it seems the Python devlopers aren’t really interested in capabilities (nor all that interested in security, it seems, since the restricted execution mode is not maintained).
I don't think it's quite as a bad as Ben thinks, since he and I had some conversations with some Python developers and those folks were definitely interested in capability support. Of course, quite a few of them were a bit Twisted.
CaPerl is an alternative approach to adding capabilities which involves compiling a capability enhanced version of the language into the regular language. As to the rationale for doing this in Perl:
So, I did this for Perl, on the basis that if you can secure Perl you can surely secure anything.
I'm curious to see whether making the code available has any impact on the uptake of these ideas. Perhaps there will be some impetus in the Perl or Python communities to pick up on these ideas. When I saw Ben at Mind Camp, I suggested to him that perhaps the most profitable place to seed these ideas is the Ruby community, given the momentum hype of Rails, and the relative openness of the Ruby community to non-mainstream ideas.
I'd love to be proven wrong.
gpgand successfully added a UID. Then I tried to send it up to the MIT keyserver. I switched from using PGP to using GnuPG when I discovered that there were Windows binaries that could also be used from Thunderbird's EnigMail plugin. The send-keys operation reported that it had successfuly transmitted my key, but when I queried the MIT server about myself, it didn't show the new UID. After many minutes of futzing an googling, I discovered that some keyservers have problems with subkeys. Apparently the MIT server is one of them. In order to get subkeys to work, you need to access a keyserver that is running the SKS keyserver codebase. I changed my keyserver setting in GnuPG to use
hkp://keyserver.bu.edu, and the new UID appeared. The UID also appeared at MIT, so now that works as well. If you're getting ready for the party, you probably want to know this.